kGrange's comments

kGrange | 12 years ago | on: Why I don't touch crypto

There ought to be a good set of FOSS unit tests for those who dare implement their own crypto. For instance, you let it hook in to your PRNG, and it'll tell you if the output is random-looking enough.

It wouldn't be a panacea for bad crypto, and it does create a risk of people thinking "oh, it passed all of the tests, it must be secure," while still implementing it overall incorrectly. But I still think it would mitigate these "foolish/easy" errors and allow devs to focus on proper overall implementation.

Or does something like this already exist?

kGrange | 12 years ago | on: Feds, We Need Some Time Apart

I don't think this is about "taking a stand." As has been pointed out, Dark Tangent is himself working for the Feds.

> recent revelations have made many in the community uncomfortable about this relationship.

They just don't want to deal with fed vs. non-fed tensions at the con. Maybe they're afraid fights would break out.

kGrange | 12 years ago | on: The Meteoric Rise of DigitalOcean

Most "people" don't, but if you're on Hacker News, I'm going to assume you're a little more tech-oriented than most "people."

In that case, check out ToS's on the services you use. They're, surprisingly, usually not that long or hard to read.

kGrange | 12 years ago | on: Don’t Hash Secrets (2008)

On salting, the author says that an attacker needs to rebuild the dictionary for each user they attack.

But doesn't the attacker only need to rebuild the dictionary once, using the salt they recovered?
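
An added example, not part of the comment above or of the linked article: when every user record carries its own random salt, a dictionary precomputed for one recovered salt matches only that user's record, so the precomputation is repeated for each salt in the table. The function names, the candidate list, and the choice of PBKDF2 with a low iteration count are assumptions made for this demo.

```python
import hashlib
import os

# Constructed sample data: a tiny candidate list and two users who
# happen to share the same password. All names here are hypothetical.
CANDIDATES = ["123456", "letmein", "hunter2", "password"]
ITERATIONS = 1000  # kept low so the demo runs quickly; not a recommendation


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted password hash (PBKDF2-HMAC-SHA256, chosen for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Store a fresh random salt next to the hash, as a user table would."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def build_dictionary(salt: bytes) -> dict:
    """Precompute hash -> candidate for ONE salt (len(CANDIDATES) hashes)."""
    return {hash_password(c, salt): c for c in CANDIDATES}


def lookup(table: dict, record: dict):
    """Return the matching candidate, or None if the table does not cover it."""
    return table.get(record["hash"])


def demo() -> dict:
    alice = make_record("hunter2")
    bob = make_record("hunter2")  # same password, different salt
    table_for_alice = build_dictionary(alice["salt"])
    return {
        "hashes_differ": alice["hash"] != bob["hash"],
        "alice_with_alice_table": lookup(table_for_alice, alice),
        "bob_with_alice_table": lookup(table_for_alice, bob),
        "bob_with_bob_table": lookup(build_dictionary(bob["salt"]), bob),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
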

kGrange | 12 years ago | on: The making of Medium.com

Not to mention users like me, who opened it in a background tab, never even saw the video playing. I wouldn't have known it was anything but a blurry image if I hadn't seen this comment.